<?php 
// This is your AJAX page 
// This file name MUST be rekod_kehadiran_edit_config.php in order for this to work!!
// This file MUST be located in the same directory as the PHP file shown below!

if (isset($_POST['id'])) {
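// Open the MySQL link that every query and mysql_real_escape_string() call below relies on.
// NOTE(review): the account is root with an empty password, hard-coded in a web-served file.
// A dedicated account limited to the permohonan_kursus table, with its credentials kept
// outside the document root, bounds what a flaw in this endpoint can reach.
// NOTE(review): no mysql_set_charset() call is visible in this file, so the escaping
// functions work against the server's default connection character set -- confirm that it
// matches the character set of the tables.
$dbconnect = mysql_connect('localhost', 'root', '');
if (!$dbconnect) {
     // The driver error goes to the server log only; the response carries no server detail.
     error_log('rekod_kehadiran_edit_config: mysql_connect failed: ' . mysql_error());
     die("Couldn't connect to 'localhost' ");
}
$dbselect = mysql_select_db('kursus_staf', $dbconnect);
if (!$dbselect) {
     error_log('rekod_kehadiran_edit_config: mysql_select_db failed: ' . mysql_error($dbconnect));
     die("Trouble selecting the 'kursus_staf'");
}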
if (!function_exists('sql_val')) {
     /**
      * Build a single-quoted SQL string literal from a value.
      *
      * Slashes added by magic_quotes_gpc are removed first, then the value is escaped with
      * mysql_real_escape_string() and wrapped in single quotes. The result is only meant for
      * places where SQL expects a quoted literal; it gives no protection when spliced in as
      * an identifier, a keyword or an unquoted number.
      *
      * @param string $input Value to embed in a statement.
      * @return string The escaped value including its surrounding single quotes.
      */
     function sql_val( $input ) {
          $raw = get_magic_quotes_gpc() ? stripslashes( $input ) : $input;
          return "'" . mysql_real_escape_string( $raw ) . "'";
     }
} //end function not exist
if ( !function_exists( 'clean' ) ) {
     /**
      * Trim a request value to a column-style type and SQL-escape it.
      *
      * Steps, in order:
      *  1. When $no_tags is non-empty, HTML/PHP tags are stripped and the value is trimmed.
      *  2. When $type has the form "name(limit)", the value is cut to `limit` bytes; for
      *     "int(limit)" the cut value is additionally cast to an integer. Types without
      *     parentheses (for example "date" or "text") cause no truncation and no format
      *     check at all.
      *  3. Slashes added by magic_quotes_gpc are removed.
      *  4. The value is escaped with mysql_real_escape_string() when mysql_ping() reports a
      *     live connection, otherwise with a fixed character-replacement table.
      *
      * The return value is escaped but NOT quoted, so it is only safe inside a quoted SQL
      * literal. It is not HTML-encoded; encode separately before echoing it into a page.
      *
      * @param mixed  $input   Raw value, normally taken from the request.
      * @param string $type    Optional column type such as "int(11)" or "varchar(255)".
      * @param string $no_tags Any non-empty value enables tag stripping.
      * @return string Escaped (and possibly truncated) value.
      */
     function clean( $input, $type="", $no_tags="" ) {
          if ($no_tags != "") {
               $input = trim(strip_tags($input));
          }

          // Only a type that carries "(limit)" triggers truncation.
          if ($type != "" && strpos($type, "(") !== false) {
               $parts = explode("(", $type);
               $type = $parts[0];
               $limit = str_replace(")", "", $parts[1]);

               $shortened = substr($input, 0, $limit);
               $input = (($type == "int") && (!is_int($input))) ? (int)$shortened : $shortened;
          }

          if ( get_magic_quotes_gpc() ) {
               $input = stripslashes( $input );
          }

          // Prefer the driver's escaping when a connection answers.
          if ( @mysql_ping() != "" ) {
               return mysql_real_escape_string( $input );
          }

          // Fallback without a connection: plain byte replacement of the same characters.
          $unsafe = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a");
          $escaped = array("\\x00", "\\n", "\\r", "\\\\" ,"\'", "\\\"", "\\x1a");
          return str_replace($unsafe, $escaped, $input);
     } //end function
} //end function not exist
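if (!function_exists('reverb')) {
     /**
      * Encode a value for output inside HTML.
      *
      * Backslashes are removed with stripslashes() and the result is passed through
      * htmlspecialchars(). ENT_QUOTES is given explicitly so that single quotes are encoded
      * as well as double quotes; on PHP versions before 8.1 the default flags leave single
      * quotes untouched, which is unsafe inside a single-quoted attribute value.
      * The encoding covers HTML text and quoted attribute values only, not script or URL
      * contexts.
      *
      * @param string $value Value to display.
      * @return string HTML-encoded text.
      */
     function reverb($value) {
          return htmlspecialchars(stripslashes($value), ENT_QUOTES);
     }
}//end function not exists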
if (!function_exists('print_x')) {
     /**
      * Debug helper: dump a value with print_r() between <pre> tags.
      *
      * The dump is written as-is, without HTML encoding, so markup contained in the value
      * is rendered by the browser. Keep it to development use and away from request data
      * on a reachable page.
      *
      * @param mixed $value Value to dump.
      * @return void
      */
     function print_x($value) {
          echo '<pre>', print_r($value, true), '</pre>';
     }
}//end function not exists
if (isset($_POST['id'])) { 
     // Form field => column type handed to clean(). Only the "name(limit)" types make
     // clean() truncate (and, for int, cast) the value; "date" and "text" carry no limit,
     // so those fields are escaped but their format is not checked here.
     $field_types = array(
          'id' => "int(11)",
          'nama' => "varchar(255)",
          'noic' => "varchar(255)",
          'kategori_kursus' => "varchar(255)",
          'nama_kursus' => "varchar(255)",
          'tempat_kursus' => "varchar(255)",
          'anjuran' => "varchar(255)",
          'tarikh_mula' => "date",
          'tarikh_tamat' => "date",
          'bil_hari' => "int(11)",
          'tarikh_key_in' => "date",
          'disahkan' => "text",
          'kumpulan_perkhidmatan' => "varchar(255)",
     );

     // The names come from the fixed list above, never from the request, so the
     // variable-variable assignment can only create these thirteen variables.
     foreach ($field_types as $field => $declared_type) {
          $$field = isset($_POST[$field]) ? clean($_POST[$field], $declared_type) : "";
     }

     // Drop the loop temporaries so only the field variables remain in scope.
     unset($field_types, $field, $declared_type);
}

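// Record id used by both the lookup and the UPDATE. It goes through clean() with the
// int(11) type so the value is cast to an integer; re-reading it without a type (as this
// line did before) threw the cast away and kept the id as free text.
$id = clean($_POST['id'], "int(11)");

// NOTE(review): nothing in this file checks a login session, a permission or a CSRF token
// before the write below -- confirm that access control is enforced in front of this
// endpoint, since the id alone selects which record is overwritten.
// NOTE(review): each value arrives here already escaped by clean() and is escaped again by
// sql_val(). With magic_quotes_gpc off that second pass stores quotes and backslashes with
// an extra backslash. Left unchanged because code reading the table may rely on it
// (reverb() strips slashes) -- verify before altering.

$lookup = mysql_query('SELECT `id` FROM permohonan_kursus WHERE `id` = '.sql_val($id));
if ($lookup === false) {
     // A failed lookup is a database error, not "no such record"; report it as such and
     // keep the driver detail in the server log.
     error_log('rekod_kehadiran_edit_config: lookup failed: ('.mysql_errno().') '.mysql_error());
     die('<p class="db_error"><b>A fatal MySQL error occurred while trying to update <b>'.reverb($_POST['id']).'</b> in the database.</b></p>');
}

if (mysql_num_rows($lookup) >= 1) {

     $query = 'UPDATE permohonan_kursus SET 
          `id` = '.sql_val($id).', 
          `nama` = '.sql_val($nama).', 
          `noic` = '.sql_val($noic).', 
          `kategori_kursus` = '.sql_val($kategori_kursus).', 
          `nama_kursus` = '.sql_val($nama_kursus).', 
          `tempat_kursus` = '.sql_val($tempat_kursus).', 
          `anjuran` = '.sql_val($anjuran).', 
          `tarikh_mula` = '.sql_val($tarikh_mula).', 
          `tarikh_tamat` = '.sql_val($tarikh_tamat).', 
          `bil_hari` = '.sql_val($bil_hari).', 
          `tarikh_key_in` = '.sql_val($tarikh_key_in).', 
          `disahkan` = '.sql_val($disahkan).', 
          `kumpulan_perkhidmatan` = '.sql_val($kumpulan_perkhidmatan).' 
     WHERE `id` = '.sql_val($id);

/*<!-- NOT in safe mode!! -->*/

$result = mysql_query($query);
if ($result === false) {
     // The statement text and the driver error are not sent to the client: they reveal the
     // schema, and the statement contains request values that are SQL-escaped but not
     // HTML-encoded. Only the error code and message are logged, not the submitted values.
     error_log('rekod_kehadiran_edit_config: update failed: ('.mysql_errno().') '.mysql_error());
     die('<p class="db_error"><b>A fatal MySQL error occurred while trying to update <b>'.reverb($_POST['id']).'</b> in the database.</b></p>');
}
$db_message = '<p class="db_success">Successfully updated <b>id : '.reverb($_POST['id']).'</b> in the database!!</p>';
//print_x($query);
}//end if more than or equal to 1
else { $db_message = '<p class="db_error">There are no entries where <b>id = '.reverb($_POST['id']).'</b> </p>'; }
/*<!-- NOT in safe mode!! -->*/

if (isset($db_message)) echo $db_message;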

}//end if isset POST id
?>